Total
5468 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-3257 | 1 Apple | 1 Iphone Os | 2025-04-11 | N/A |
| The Data Access component in Apple iOS before 5 does not properly handle the existence of multiple user accounts on the same mail server, which allows local users to bypass intended access restrictions in opportunistic circumstances by leveraging a different account's cookie. | ||||
| CVE-2013-2997 | 1 Ibm | 1 Security Appscan | 2025-04-11 | N/A |
| IBM Security AppScan Enterprise before 8.7 does not invalidate the session context upon a logout action, which allows remote attackers to hijack sessions by leveraging an unattended workstation. | ||||
| CVE-2011-4435 | 1 Ibm | 1 Db2 Tools For Z\/os | 2025-04-11 | N/A |
| The web-server component in the Consolidation and Analysis Engine (CAE) Server in DB2 Query Monitor in IBM DB2 Tools 2.3.0 for z/OS does not prevent directory browsing, which allows remote attackers to obtain sensitive information via HTTP requests. | ||||
| CVE-2011-2500 | 2 Linux-nfs, Redhat | 2 Nfs-utils, Enterprise Linux | 2025-04-11 | N/A |
| The host_reliable_addrinfo function in support/export/hostname.c in nfs-utils before 1.2.4 does not properly use DNS to verify access to NFS exports, which allows remote attackers to mount filesystems by establishing crafted DNS A and PTR records. | ||||
| CVE-2011-4434 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2025-04-11 | N/A |
| Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 do not properly enforce AppLocker rules, which allows local users to bypass intended access restrictions via a (1) macro or (2) scripting feature in an application, as demonstrated by Microsoft Office applications and the SANDBOX_INERT and LOAD_IGNORE_CODE_AUTHZ_LEVEL flags. | ||||
| CVE-2011-2495 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Enterprise Mrg and 1 more | 2025-04-11 | N/A |
| fs/proc/base.c in the Linux kernel before 2.6.39.4 does not properly restrict access to /proc/#####/io files, which allows local users to obtain sensitive I/O statistics by polling a file, as demonstrated by discovering the length of another user's password. | ||||
| CVE-2009-4904 | 1 Dootzky | 1 Oblog | 2025-04-11 | N/A |
| article.php in oBlog does not properly restrict comments, which allows remote attackers to cause a denial of service (blog spam) via a comment=new action. | ||||
| CVE-2010-1794 | 1 Apple | 1 Mac Os X | 2025-04-11 | N/A |
| The webdav_mount function in webdav_vfsops.c in the WebDAV kernel extension (aka webdav_fs.kext) for Mac OS X 10.6 allows local users to cause a denial of service (panic) via a mount request with a large integer in the pa_socket_namelen field. | ||||
| CVE-2013-1717 | 2 Mozilla, Redhat | 6 Firefox, Seamonkey, Thunderbird and 3 more | 2025-04-11 | N/A |
| Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly restrict local-filesystem access by Java applets, which allows user-assisted remote attackers to read arbitrary files by leveraging a download to a fixed pathname or other predictable pathname. | ||||
| CVE-2009-4876 | 1 Netrix | 1 Netrix Cms | 2025-04-11 | N/A |
| admin/cikkform.php in Netrix CMS 1.0 allows remote attackers to modify arbitrary pages via a direct request using the cid parameter. | ||||
| CVE-2013-1700 | 2 Microsoft, Mozilla | 2 Windows, Firefox | 2025-04-11 | N/A |
| The Mozilla Maintenance Service in Mozilla Firefox before 22.0 on Windows does not properly handle inability to launch the Mozilla Updater executable file, which allows local users to gain privileges via vectors involving placement of a Trojan horse executable file at an arbitrary location. | ||||
| CVE-2012-0264 | 1 Op5 | 1 Monitor | 2025-04-11 | N/A |
| op5 Monitor and op5 Appliance before 5.5.0 do not properly manage session cookies, which allows remote attackers to have an unspecified impact via unspecified vectors. | ||||
| CVE-2012-1451 | 2 Emsisoft, Ikarus | 2 Anti-malware, Ikarus Virus Utilities T3 Command Line Scanner | 2025-04-11 | N/A |
| The CAB file parser in Emsisoft Anti-Malware 5.1.0.1 and Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0 allows remote attackers to bypass malware detection via a CAB file with a modified reserved2 field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations. | ||||
| CVE-2013-2203 | 1 Wordpress | 1 Wordpress | 2025-04-11 | N/A |
| WordPress before 3.5.2, when the uploads directory forbids write access, allows remote attackers to obtain sensitive information via an invalid upload request, which reveals the absolute path in an XMLHttpRequest error message. | ||||
| CVE-2012-1453 | 13 Antiy, Ca, Drweb and 10 more | 14 Avl Sdk, Etrust Vet Antivirus, Dr.web Antivirus and 11 more | 2025-04-11 | N/A |
| The CAB file parser in Dr.Web 5.0.2.03300, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Sophos Anti-Virus 4.61.0, Trend Micro AntiVirus 9.120.0.1004, McAfee Gateway (formerly Webwasher) 2010.1C, Emsisoft Anti-Malware 5.1.0.1, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Rising Antivirus 22.83.00.03, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via a CAB file with a modified coffFiles field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations. | ||||
| CVE-2011-2471 | 1 Maynard Johnson | 1 Oprofile | 2025-04-11 | N/A |
| utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to gain privileges via shell metacharacters in the (1) --vmlinux, (2) --session-dir, or (3) --xen argument, related to the daemonrc file and the do_save_setup and do_load_setup functions, a different vulnerability than CVE-2011-1760. | ||||
| CVE-2012-1454 | 6 Aladdin, Drweb, Fortinet and 3 more | 6 Esafe, Dr.web Antivirus, Fortinet Antivirus and 3 more | 2025-04-11 | N/A |
| The ELF file parser in Dr.Web 5.0.2.03300, eSafe 7.0.17.0, McAfee Gateway (formerly Webwasher) 2010.1C, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified ei_version field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations. | ||||
| CVE-2011-4356 | 1 Celeryproject | 1 Celery | 2025-04-11 | N/A |
| Celery 2.1 and 2.2 before 2.2.8, 2.3 before 2.3.4, and 2.4 before 2.4.4 changes the effective id but not the real id during processing of the --uid and --gid arguments to celerybeat, celeryd_detach, celeryd-multi, and celeryev, which allows local users to gain privileges via vectors involving crafted code that is executed by the worker process. | ||||
| CVE-2011-2993 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-11 | N/A |
| The implementation of digital signatures for JAR files in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not prevent calls from unsigned JavaScript code to signed code, which allows remote attackers to bypass the Same Origin Policy and gain privileges via a crafted web site, a different vulnerability than CVE-2008-2801. | ||||
| CVE-2013-1713 | 2 Mozilla, Redhat | 6 Firefox, Seamonkey, Thunderbird and 3 more | 2025-04-11 | N/A |
| Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 use an incorrect URI within unspecified comparisons during enforcement of the Same Origin Policy, which allows remote attackers to conduct cross-site scripting (XSS) attacks or install arbitrary add-ons via a crafted web site. | ||||